Consumers enjoy few protections from false data

NicoleDuarte

WASHINGTON (MarketWatch) -- Data collection firms have become an increasingly important law enforcement resource. In the scramble to identify potential terrorists, the government's push for more information about private citizens has helped spawn a $1 billion industry.

Many of the U.S.'s most important privacy protections don't apply to commercial data brokers, allowing law enforcement to buy access to intricate dossiers on American citizens it couldn't otherwise collect, privacy advocates say.

"If you say in effect the government has the freedom to collect and use any information it can obtain, then you no longer have a constitutional safeguard against abuse," said Marc Rotenberg, executive director of the Electronic Privacy Information Center.

The Privacy Act of 1974 forbids the federal government from collecting personal information for one purpose and using it for another without publishing explicit notice to the individuals affected. The federal government also is forbidden from creating extensive records about citizens unless the information is intended for a specific law enforcement investigation. Using data from private companies allows law enforcement to skirt both those restrictions.

"As the government is expanding its surveillance authority, monitoring more communications, obtaining more records, its willingness to be held accountable by the public has actually gone down," Rotenberg said. "And that's a crucial problem."

And the data business is booming. In 1996, the federal law enforcement community spent $1.7 million on contracts with two commercial information resellers, according to federal contracting data. By 2005, the same 22 agencies spent $40.5 million on contracts with four data brokers and three credit bureaus.

Last year, ChoicePoint Inc.
CPS, +1.60%
a leading federal contractor, reported its government services group accounted for 14% of its annual revenue, or $148 million, up from 9% of total revenue, or $69 million, in 2002, the first year the company split off government services into its own segment.

Law enforcement officials at all levels of government have extolled the convenience of having ready access to billions of records from data aggregators.

For example, ChoicePoint provides its more than 2,000 law enforcement clients with access to data derived from publicly available information such as bankruptcy filings, liens and arrest records; professional credentials like pilots' and drivers' licenses; records of U.S. military personnel; and corporate information.

The databases can identify a subject's neighbors, relatives and business associates. ChoicePoint and other companies also have invested in technology to discern geographic or pathological patterns in criminal behavior. Last year, ChoicePoint won at least $35 million in federal contracts, according to federal procurement records.

"There are a lot of companies that are making a lot of money simply through data aggregation," Rotenberg said.

"The very serious problem from a privacy perspective is that their customers are not the individuals on whom they're collecting the data. Their customers are typically landlords, insurers, employers, government agencies who are trying to find out information about others," he said. "That, in particular, is one of the reasons we think that industry needs to be not just subject to law, but actually heavily regulated."

Stuart Pratt, president of the Consumer Data Industry Association, testified to Congress recently that consumer reporting agencies already are under "severe" restrictions, and the rest of the consumer data industry was "significantly regulated to the types of data, risks and uses involved."

Inaccurate information

Grace Mastalli, principal deputy director for the information sharing and collaboration program at the Department of Homeland Security, told participants in a public DHS workshop last year that "we have sometimes used commercial data, not just to support identity authentication, but to assure the integrity of government data, and the accuracy of government data."

However, not all broker-held data is accurate.

"By outsourcing the collection of records, the government doesn't have to ensure the data is accurate, or have any provisions to correct it in the same way it would under the Privacy Act. There are no limits on how the information can be interpreted," said Robert O'Harrow, author of "No Place to Hide."

And consumers have little recourse if the information is wrong. "If some information about you is incorrect, there is no legal remedy to make a data broker fix it," said Paul Schwartz, a privacy law expert at the University of California at Berkeley.

The data brokers often pull information from inaccurate sources. For instance, the companies cull information from consumer credit reports, yet a 2004 study found that 79% of about 200 credit reports studied contained errors of some kind, according to the U.S. Public Interest Research Group, a nonprofit consumer advocacy group.

Fifty-four percent of the credit reports contained mistaken personal information on consumers, while 25% contained serious errors "that could result in the denial of credit, such as false delinquencies or accounts that did not belong to the consumer," according to the study, which covered the nation's three largest credit bureaus, Experian, TransUnion LLC and Equifax Inc. Equifax was ChoicePoint's parent company until 1997.

In an investigation earlier this year of the data resellers used by federal agencies, the Government Accountability Office, the investigative arm of Congress, criticized some commercial data brokers for failing to ensure the information given to government clients was sufficiently accurate.

"The information resellers didn't take action specifically to ensure the accuracy of information for the specific purpose that that information was going to be used for," said Linda Koontz, director of the GAO's information management issues division.

ChoicePoint insists its products are as accurate as legally possible. Of the 9 million background checks done through ChoicePoint each year, one out of every 1,000 has its accuracy challenged, said company spokesman Mark Furman. Of the records challenged, one in 1,000 resulted in a change to the record.

On consumers' shoulders

However, the onus is on consumers to detect errors in their records. "First, you have to convince the issuing agency that there is an error in the record, then you have to convince all the data brokers that might hold that record that it is wrong and request they stop distributing it," said U.C. Berkeley's Schwartz.

And, even if ChoicePoint makes corrections to its own system, it has no control over the record once it has been sold.

"There are tons of other commercial database entities out there and there's no way of tracking them all down and accessing your report," Schwartz said.

Police say some of the data quality problems that plague databases of both private aggregators and law enforcement are human in origin.

"You could have a mental health code attached to your name for no criteria other than the officer you met thought you were nuts," said a New England state police officer who asked not to be identified for fear of repercussions from his superiors.

Tondalaya Williams of Davenport, Iowa, has struggled since 1995 to erase a felony conviction made by another woman using her identity. The erroneous information has continued to show up in commercial databases, affecting background checks for jobs, insurance and her mortgage - even though Williams has presented documents to correct her record to police and the county clerks holding the original records on numerous occasions, she said.

"It's been 10 years. I mean, what else can I do to fix this?" she said.

Intraday Data provided by SIX Financial Information and subject to terms of use. Historical and current end-of-day data provided by SIX Financial Information. All quotes are in local exchange time. Real-time last sale data for U.S. stock quotes reflect trades reported through Nasdaq only. Intraday data delayed at least 15 minutes or per exchange requirements.